Summary: | <net-vpn/tor-{0.4.5.10, 0.4.6.7}: Denial of service (CVE-2021-38385) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://lists.torproject.org/pipermail/tor-packagers/2021-August/000128.html | ||
Whiteboard: | B3 [glsa+] | ||
Package list: |
net-vpn/tor-0.4.5.10
net-vpn/tor-0.4.6.7
|
Runtime testing required: | --- |
Description
Sam James
2021-08-17 04:49:11 UTC
These are in the tree now. Tor is very good about pushing out working products, so let's go ahead and stabilize. (In reply to Anthony Basile from comment #1) > These are in the tree now. Tor is very good about pushing out working > products, so let's go ahead and stabilize. Thanks! ppc done ppc64 done arm done x86 done arm64 done amd64 stable. Maintainer(s), please cleanup. Security, please vote. (In reply to Agostino Sarubbo from comment #8) > amd64 stable. > > Maintainer(s), please cleanup. > Security, please vote. the vulnerable version is off the tree (In reply to Anthony Basile from comment #9) > (In reply to Agostino Sarubbo from comment #8) > > amd64 stable. > > > > Maintainer(s), please cleanup. > > Security, please vote. > > the vulnerable version is off the tree Thanks! Unable to check for sanity:
> no match for package: net-vpn/tor-0.4.5.10
(In reply to NATTkA bot from comment #11) > Unable to check for sanity: > > > no match for package: net-vpn/tor-0.4.5.10 I've dropped 0.4.5.10 from the tree. There's no reason to keep it with 0.4.6.7. GLSA request filed The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=464847c4e70c07cfb07a8715f613e418da18698e commit 464847c4e70c07cfb07a8715f613e418da18698e Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-05-03 09:53:19 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-05-03 09:54:23 +0000 [ GLSA 202305-11 ] Tor: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/808681 Bug: https://bugs.gentoo.org/852821 Bug: https://bugs.gentoo.org/890618 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202305-11.xml | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) |